Lucene search
K
NcscMost viewed

4190 matches found

NCSC
NCSC
•added 2022/06/03 12:0 a.m.•5 views

Vulnerability fixed in IBM Spectrum Protect Plus

IBM has fixed a vulnerability in Spectrum Protect Plus. Credentials of users are printed in readable text in the IBM Spectrum Protect Plus virgo log file. IBM has released updates to fix the vulnerabilities in Spectrum Protect Plus 10.1.0.0-10.1.9.32. For more information, see:...

7.5CVSS6.8AI score0.00658EPSS
Exploits0
NCSC
NCSC
•added 2022/06/02 12:0 a.m.•5 views

Vulnerabilities fixed in HPE ProLiant Intel BIOS

Vulnerabilities have been fixed in the Intel BIOS of HPE ProLiant DX servers. The vulnerabilities in DX Gen 10 servers with features DX170r, DX190r, DX360, DX380, DX560 and DX4200 allow a local malicious person able to obtain sensitive information or increase privileges. HPE has made updates...

7.8CVSS6.7AI score0.00268EPSS
Exploits0
NCSC
NCSC
•added 2022/06/01 12:0 a.m.•5 views

Vulnerabilities fixed in Red Hat OpenShift Container Platform

Multiple vulnerabilities have been fixed in the Red Hat OpenShift Container Platform. These vulnerabilities allow an attacker to able to perform a Cross-Site Scripting XSS attack on the subversion plugin of Jenkins or a denial-of-service DoS in GoLang. Red Hat has made updates available for Red H...

7.5CVSS6.4AI score0.7855EPSS
Exploits0
NCSC
NCSC
•added 2022/05/30 12:0 a.m.•5 views

Zero-day vulnerability discovered in Microsoft Word

A researcher has found a zero-day vulnerability in Microsoft Word. This new exploit in Office macros, external template files containing malicious code while macros are disabled. When a user converts the document to RTF format, the code is also executed in "Protected view" or "Preview mode. For...

7.1AI score
Exploits0
NCSC
NCSC
•added 2022/05/20 12:0 a.m.•5 views

Vulnerability fixed in Oracle E-Business suite

Oracle has fixed a vulnerability in Oracle E-Business Suite. A malicious party could use the vulnerability to access gain access to sensitive information. The malicious party does not need prior authentication to do so. Oracle indicates that the vulnerability is not present in the Oracle SaaS clo...

7.5CVSS6.8AI score0.70589EPSS
Exploits1
NCSC
NCSC
•added 2022/05/19 12:0 a.m.•5 views

Vulnerabilities fixed in VMWare products

VMware has fixed two vulnerabilities in Workspace ONE Access, Identity Manager, vRealize Automation, Cloud Foundation and vRealize Suite Lifecycle Manager. An unauthenticated malicious person with access to the management environment could potentially exploit the vulnerabilities to gain gain...

9.8CVSS7.3AI score0.52813EPSS
Exploits11
NCSC
NCSC
•added 2022/05/18 12:0 a.m.•5 views

Vulnerabilities fixed in NVIDIA drivers

NVIDIA has fixed vulnerabilities in its GPU drivers for Windows and Linux. A malicious party could exploit the vulnerabilities to causing the following categories of damage: Denial-of-Service DoS. Data manipulation. Remote code execution Administrator/Root privileges Increased user privileges The...

9.9CVSS7.6AI score0.01492EPSS
Exploits0
NCSC
NCSC
•added 2022/05/13 12:0 a.m.•5 views

Vulnerability fixed in Check Point Endpoint Security Client

Check Point has fixed a vulnerability in Check Point Endpoint Security Client for Windows. A local malicious agent could exploit the vulnerability to obtain elevated privileges and then execute arbitrary code under those privileges. To do so, the malicious party must place rogue files in a...

7.8CVSS7.5AI score0.04076EPSS
Exploits0
NCSC
NCSC
•added 2022/05/12 12:0 a.m.•5 views

Vulnerability fixed in Dell iDRAC9

Dell has fixed a vulnerability in iDRAC9.The vulnerability allows an unauthenticated malicious party to bypass authentication bypass authentication and gain access to the VNC console. Dell has released updates to fix the vulnerability. For more information, see:...

10CVSS7.2AI score0.53824EPSS
Exploits0
NCSC
NCSC
•added 2022/05/11 12:0 a.m.•5 views

Vulnerabilities fixed in Adobe Framemaker

Adobe has fixed vulnerabilities in Framemaker. The vulnerabilities allow a malicious party to cause a denial-of-service or execute arbitrary code under privileges of the application. To do this, the malicious party must persuade the victim to open a rogue file. Adobe has released updates to fix t...

9.3CVSS7.4AI score0.02579EPSS
Exploits0
NCSC
NCSC
•added 2022/05/11 12:0 a.m.•5 views

Vulnerabilities fixed in Oracle Enterprise Linux kernel

Oracle has fixed vulnerabilities in the Oracle Linux kernel. The vulnerabilities allow a local malicious person to cause a denial-of-service, obtain elevated privileges or gain access to system information. Successful exploit requires authentication. -= Oracle =- Oracle has made updates available...

8.6CVSS6.6AI score0.05524EPSS
Exploits15
NCSC
NCSC
•added 2022/05/10 12:0 a.m.•5 views

Vulnerability fixed in Microsoft Azure

A vulnerability has been fixed in Microsoft Azure. The vulnerability allows an authenticated malicious person to execute arbitrary code. The vulnerability is in a driver used to run in Azure Synapse pipelines and Azure Data Factory Integration Runtime IR to connect to Amazon Redshift. The malicio...

7.8CVSS7AI score0.03686EPSS
Exploits0
NCSC
NCSC
•added 2022/05/10 12:0 a.m.•5 views

Vulnerabilities fixed in Siemens products

Vulnerabilities have been fixed in several Siemens products. The vulnerabilities allow a malicious person to carry out attacks execute attacks that result in the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Manipulation of data Circumvention of security measure...

9.8CVSS8.1AI score0.60122EPSS
Exploits3
NCSC
NCSC
•added 2022/05/10 12:0 a.m.•5 views

Vulnerability fixed in ecdsautils

Debian has fixed a vulnerability in ecdsautils. This is a library used for cryptographic applications based based on ECDSA. The vulnerability is in functionality for validating of ECDSA signatures. The flaw causes an application considers specially crafted signatures to be valid when they are not...

10CVSS7.1AI score0.48235EPSS
Exploits6
NCSC
NCSC
•added 2022/05/06 12:0 a.m.•5 views

Vulnerabilities fixed in Splunk

Vulnerabilities have been fixed in Splunk. The vulnerabilities potentially enable a malicious person to carry out attacks leading to the following categories of damage: Cross-Site Scripting XSS. Circumvention of security measure Access to system data Increased user privileges Updates have been...

8.8CVSS6.5AI score0.0139EPSS
Exploits0
NCSC
NCSC
•added 2022/04/29 12:0 a.m.•5 views

Vulnerabilities fixed in Zoom

Vulnerabilities have been fixed in Zoom. The vulnerabilities allow a malicious person to carry out attacks that result in the following categories of damage: Manipulation of data Circumvention of security measure Access to sensitive data Increased user privileges Zoom has released updates to fix...

7.9CVSS6.7AI score0.00975EPSS
Exploits0
NCSC
NCSC
•added 2022/04/25 12:0 a.m.•5 views

Vulnerability fixed in WSO2 products

A serious vulnerability has been fixed in several products of WSO2. A malicious person with access to the network can exploit the exploit the vulnerability to execute arbitrary code or gain access to sensitive data. Public exploit code is available. This exploit code allows a remote malicious par...

10CVSS7.5AI score0.99999EPSS
Exploits22
NCSC
NCSC
•added 2022/04/21 12:0 a.m.•5 views

Vulnerability fixed in Kibana

A vulnerability has been fixed in Kibana. A malicious party could potentially exploit the vulnerability to obtain sensitive information. The vulnerability is not in the default configuration. Only Kibana installations that explicitly use Elastic Stack monitoring are potentially vulnerable. Elasti...

5.3CVSS6.6AI score0.00888EPSS
Exploits0
NCSC
NCSC
•added 2022/04/20 12:0 a.m.•5 views

Vulnerabilities fixed in OpenJPEG

Vulnerabilities have been fixed in OpenJPEG. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Denial-of-Service DoS Remote code execution User Rights Access to system data -= openSUSE =- The developers of openSUSE have made updates...

8.8CVSS7.8AI score0.04932EPSS
Exploits7
NCSC
NCSC
•added 2022/04/20 12:0 a.m.•5 views

Vulnerability fixed in Mattermost

A vulnerability has been fixed in Mattermost with versions lower than 6.5. Email invitations to a Mattermost channel or server are insufficiently invalidated when selected by an administrator. This allows a person to still participate in Mattermost channels even though access has been revoked aft...

5.8CVSS6.6AI score0.0083EPSS
Exploits1
NCSC
NCSC
•added 2022/04/15 12:0 a.m.•5 views

Vulnerabilities fixed in McAfee Agent

Vulnerabilities have been fixed in McAfee Agent. The vulnerabilities potentially enable a malicious party to gain elevated privileges or access to sensitive data, or to execute arbitrary code execute arbitrary code with the application's permissions. McAfee has made updates available to address t...

8.4CVSS7.9AI score0.00936EPSS
Exploits2
NCSC
NCSC
•added 2022/04/14 12:0 a.m.•5 views

Vulnerability fixed in PAN-OS

A vulnerability has been fixed in PAN-OS. A malicious person with access to the DNS proxy feature of PAN-OS software could use a Man-in-the-Middle MITM method specifically crafted traffic to the firewall causing the service to be unexpectedly restarted. restart. The vulnerability is in the...

5.9CVSS6.8AI score0.00704EPSS
Exploits0
NCSC
NCSC
•added 2022/04/13 12:0 a.m.•5 views

Vulnerability fixed in HAProxy

A vulnerability has been fixed in HAProxy. A malicious party could exploit the vulnerability to cause a denial-of-service. By sending a specifically prepared HTTP response, the application will enter a loop and thus become become unreachable. -= Debian =- Debian has made updates to haproxy...

7.5CVSS6.8AI score0.16563EPSS
Exploits0
NCSC
NCSC
•added 2022/04/12 12:0 a.m.•5 views

Vulnerabilities fixed in Microsoft Azure

Microsoft has fixed vulnerabilities in supporting products of Azure. A malicious party could potentially exploit them to appropriate elevated privileges and gain access gain access to sensitive data. The vulnerabilities in Azure Site Recovery are located specifically in the VMWare-to-Azure and...

7.2CVSS6.6AI score0.02306EPSS
Exploits0
NCSC
NCSC
•added 2022/04/12 12:0 a.m.•5 views

Vulnerability fixed in Microsoft Windows Defender

A vulnerability has been fixed in Microsoft Windows Defender. A malicious party can exploit this vulnerability to cause a denial-of-service. This requires a user to be tricked into handling a rogue file on the system. Windows Defender: |----------------|------|------------------------------------...

5.5CVSS6.1AI score0.02713EPSS
Exploits0
NCSC
NCSC
•added 2022/04/12 12:0 a.m.•5 views

Vulnerability fixed in Microsoft Dynamics

A vulnerability has been fixed in Microsoft Dynamics. The vulnerability potentially allows an authenticated user to to execute arbitrary SQL code on the Dynamics database. Microsoft Dynamics: |----------------|------|-------------------------------------| | CVE ID | CVSS | Impact |...

9CVSS7.5AI score0.02776EPSS
Exploits0
NCSC
NCSC
•added 2022/04/07 12:0 a.m.•5 views

Vulnerabilities fixed in FortiClient

Vulnerabilities have been fixed in FortiClient for Linux and Windows. The vulnerabilities allow a local malicious agent to to gain access to system data and obtain elevated privileges. Fortinet has released updates to fix the vulnerability. More information can be found on the pages below:...

8.8CVSS6.7AI score0.00888EPSS
Exploits0
NCSC
NCSC
•added 2022/03/25 12:0 a.m.•5 views

Vulnerability fixed in SonicOS

SonicWall has fixed a vulnerability in SonicOS. A unauthenticated malicious person could exploit the vulnerability to cause a denial-of-service, and potentially execute arbitrary code execute arbitrary code in the firewall process. SonicWall has released updates to fix the vulnerability in SonicO...

9.8CVSS7.6AI score0.57324EPSS
Exploits3
NCSC
NCSC
•added 2022/03/23 12:0 a.m.•5 views

Vulnerability fixed in IBM MQ

IBM has fixed a vulnerability in IBM MQ. The vulnerability allows an authenticated malicious party to cause a denial-of-service exploit. IBM has released updates to fix the vulnerability. For more information, see: https://www.ibm.com/support/pages/node/6560040...

6.5CVSS6.6AI score0.00945EPSS
Exploits0
NCSC
NCSC
•added 2022/03/21 12:0 a.m.•5 views

Vulnerability fixed in IBM Specturm Protect

IBM has fixed a vulnerability in Spectrum Protect Server. By exploiting this vulnerability obtain elevated privileges on the vulnerable system. IBM has released updates to fix the vulnerability in Spectrum Protect Server 8.1.14.100. For more information, see:...

9CVSS6.7AI score0.02125EPSS
Exploits0
NCSC
NCSC
•added 2022/03/16 12:0 a.m.•5 views

Vulnerabilities fixed in Bareos

Vulnerabilities have been fixed in Bareos. The vulnerability with reference CVE-2022-24755 can be exploited to bypass authentication. circumvention. To exploit this vulnerability, the Bareos Director must be configured with PAM as the authentication agent. The vulnerability with attribute...

9.8CVSS7.1AI score0.01996EPSS
Exploits2
NCSC
NCSC
•added 2022/03/15 12:0 a.m.•5 views

Vulnerabilities fixed in CyberArk Privileged Session Manager and Password Vault Manager

Vulnerabilities have been fixed in the CyberArk Privileged Session Manager and Password Vault Manager. The vulnerabilities allow a malicious party to conduct attacks that result in the following categories of damage: Circumvention of security measure. Remote code execution User rights Access to...

7.5AI score
Exploits0
NCSC
NCSC
•added 2022/03/11 12:0 a.m.•5 views

Vulnerability fixed in ARM, AMD and Intel processors

Researchers at VU Amsterdam have found a new variant of the Spectre vulnerability. The researchers have dubbed the attack Branch History Injection. Previous mitigation for Spectre v2 is not sufficient to fully fix the vulnerability, according to the researchers. According to the researchers, this...

6.8CVSS5.8AI score0.00508EPSS
Exploits0
NCSC
NCSC
•added 2022/03/11 12:0 a.m.•5 views

Vulnerabilities fixed in Dell BIOS

Vulnerabilities have been fixed in the BIOS of several Dell products. The vulnerabilities make it possible for a local malicious person with elevated privileges to execute code while the system is active in System Management Mode SMM. Dell has made updates available to fix the vulnerabilities fix...

8.2CVSS7AI score0.00275EPSS
Exploits0
NCSC
NCSC
•added 2022/03/11 12:0 a.m.•5 views

Vulnerabilities fixed in Sophos SG UTM

Vulnerabilities have been fixed in Sophos SG UTM. The vulnerabilities allow a malicious person to launch attacks that lead to the following categories of damage: Denial-of-Service DoS SQL Injection Access to sensitive data Sophos has fixed the vulnerabilities in SG UTM version 9.710. More...

8.8CVSS9.6AI score0.11296EPSS
Exploits0
NCSC
NCSC
•added 2022/03/10 12:0 a.m.•5 views

Vulnerabilities fixed in Schneider Electric Ecostruxure Control Expert

Vulnerabilities have been fixed in the Schneider Electric Ecostruxure Control Expert. The vulnerabilities allow an unauthenticated malicious person able to cause a denial-of-service cause. To exploit these vulnerabilities, a malicious party must be able to intercept specific Modbus data and...

5.9CVSS6.7AI score0.00847EPSS
Exploits0
NCSC
NCSC
•added 2022/03/09 12:0 a.m.•5 views

Vulnerability fixed in AMD processors

AMD has fixed a vulnerability with reference CVE-2021-26401 for the Ryzen and Athlon processors. This vulnerability has the same cause as the vulnerability known as Spectre, with attribute CVE-2017-5717. This vulnerability allows a malicious party to obtain sensitive data from the memory of a loc...

7.8CVSS6.4AI score0.01445EPSS
Exploits1
NCSC
NCSC
•added 2022/03/02 12:0 a.m.•5 views

Vulnerabilities fixed in Google Chrome

Google has fixed vulnerabilities in Chrome. The vulnerabilities potentially enable a malicious person to carry out attacks that lead to the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution User rights Access to system data Google has ma...

9.6CVSS7.4AI score0.01677EPSS
Exploits2
NCSC
NCSC
•added 2022/02/21 12:0 a.m.•5 views

Vulnerabilities fixed in BMC Track-It!

BMC has fixed several vulnerabilities in Track-It! A malicious party could exploit the vulnerabilities to gain access to the application or to execute arbitrary code under the application's privileges. The vulnerability with reference CVE-2022-24047 involves an "authentication bypass" that allows...

9.8CVSS7.6AI score0.01866EPSS
Exploits0
NCSC
NCSC
•added 2022/02/17 12:0 a.m.•5 views

Vulnerability fixed in IBM MQ

A vulnerability has been fixed in IBM MQ for the Solaris platform. A malicious party could potentially exploit the vulnerability to cause a denial-of-service via the Queue Manager channel process. IBM has released updates to fix the vulnerability in MQ 9.1. For more information, see:...

7.5CVSS6.7AI score0.01156EPSS
Exploits0
NCSC
NCSC
•added 2022/02/16 12:0 a.m.•5 views

Vulnerabilities fixed in VMware Workstation, Fusion & ESXi

VMware has fixed several vulnerabilities in various products, namely Workstation Pro/Player, Fusion and ESXi. The vulnerabilities allow a malicious party to launch attacks that lead to the following categories of damage: Denial-of-Service DoS. Manipulation of data Remote code execution User right...

7.8CVSS8.2AI score0.02316EPSS
Exploits0
NCSC
NCSC
•added 2022/02/10 12:0 a.m.•5 views

Vulnerabilities fixed in Palo Alto GlobalProtect App

Palo Alto Networks has fixed vulnerabilities in GlobalProtect App. The vulnerabilities potentially enable a local malicious person to able to launch attacks that result in the following categories of damage: Remote code execution Administrator/Root privileges. Access to sensitive data Increased...

7.8CVSS7.3AI score0.00746EPSS
Exploits0
NCSC
NCSC
•added 2022/02/08 12:0 a.m.•5 views

Vulnerabilities fixed in Microsoft Windows

Microsoft has fixed vulnerabilities in Windows. The vulnerabilities potentially enable a malicious person to launch attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS. Remote code execution Administrator/Root rights Remote code execution User rights...

9.3CVSS7.2AI score0.53655EPSS
Exploits4
NCSC
NCSC
•added 2022/02/08 12:0 a.m.•5 views

Vulnerabilities fixed in Microsoft SQL Server and Power BI

Microsoft has fixed vulnerabilities in Microsoft SQL Server and Power BI. The vulnerabilities allow a malicious party to obtain elevated user privileges. SQL Server: |----------------|------|-------------------------------------| | CVE ID | CVSS | Impact |...

7.8CVSS7.1AI score0.02567EPSS
Exploits0
NCSC
NCSC
•added 2022/02/04 12:0 a.m.•5 views

Vulnerability fixed in VMware Workstation, Fusion & ESXi

A vulnerability has been fixed in VMware Workstation, Fusion & ESXi. The vulnerability enables a malicious person with access to a virtual machine on which CD-ROM virtualization is enabled to able to execute arbitrary code on the hypervisor. To exploit this vulnerability, a CD image must be...

7.8CVSS7.5AI score0.04681EPSS
Exploits0
NCSC
NCSC
•added 2022/02/01 12:0 a.m.•5 views

Vulnerabilities fixed in IBM Spectrum Protect Plus

IBM has fixed vulnerabilities in Spectrum Protect Plus. The vulnerabilities, which include those in the Node.js and PostgreSQL components of the product, allow a malicious party to perform attacks that result in the following categories of damage: Cross-Site Scripting XSS. Manipulation of data...

8.2CVSS7.3AI score0.21514EPSS
Exploits5
NCSC
NCSC
•added 2022/01/31 12:0 a.m.•5 views

Vulnerability fixed in ABB OPC Server

A vulnerability has been fixed in ABB OPC Server for AC 800M. The vulnerability enables an authenticated remote malicious person to able to execute arbitrary code. ABB has released updates to fix the vulnerability. To exploit this vulnerability requires access to the network of the victim's netwo...

8.8CVSS7.2AI score0.00831EPSS
Exploits0
NCSC
NCSC
•added 2022/01/31 12:0 a.m.•5 views

Vulnerability fixed in IBM Spectrum Protect Plus

IBM has fixed a vulnerability in Spectrum Protect Plus. A authenticated malicious party can, by exploiting this vulnerability to gain elevated privileges on the vulnerable system. IBM has released updates to fix the vulnerability in Spectrum Protect Plus 10.1.9. For more information, see:...

7.8CVSS9.4AI score0.00353EPSS
Exploits2
NCSC
NCSC
•added 2022/01/27 12:0 a.m.•5 views

Vulnerabilities fixed in Apple macOS

Vulnerabilities have been fixed in macOS Monterey, Big Sur and Catalina. The vulnerabilities allow a malicious party to perform attacks that result in the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution Administrator/Root rights Remote...

10CVSS7.1AI score0.11638EPSS
Exploits0
NCSC
NCSC
•added 2022/01/27 12:0 a.m.•5 views

Vulnerability found in i915 kernel driver

A researcher has found a vulnerability in the Linux i915 kernel driver. The memory cache of the i915 kernel graphics driver is not properly cleaned up. An attacker exploiting this vulnerability could cause a local denial-of-service DoS cause or gain access to system data or elevated user...

7.8CVSS7.4AI score0.00379EPSS
Exploits0
Total number of security vulnerabilities4190